Cybersecurity – Carpe Datum Lawhttps://www.carpedatumlaw.com
Legal Updates on eDiscovery, Data Privacy, and CybersecurityFri, 24 May 2019 18:29:09 +0000en-UShourly1https://wordpress.org/?v=4.9.10https://carpedatumlaw.lexblogplatform.com/wp-content/uploads/sites/190/2016/07/cropped-favicon-32x32.pngCybersecurity – Carpe Datum Lawhttps://www.carpedatumlaw.com
3232Top Five Most Common Cybersecurity Attacks and How to Prevent Them – Part 1: Email Spoofing and Wire Fraudhttps://www.carpedatumlaw.com/2019/02/top-five-common-cybersecurity-attacks-prevent-part-1-email-spoofing-wire-fraud/
Thu, 21 Feb 2019 16:37:49 +0000https://www.carpedatumlaw.com/?p=2338Continue Reading...]]>Every day all over the world, companies fall victim to cybersecurity attacks. It’s nearly a constant these days. Many of these attacks are preventable with the right amount of attention to detail in system setup and hardening. The three common themes in postmortem examination of all of these attacks boil down to 1) human error; 2) configuration error; 3) failing to proactively defend. In this series of six posts, we will dive into each attack’s anatomy, the attack vector, and the ways companies can attempt to avoid being victim to them. In the last post, guest bloggers from G2 Insurance will walk through how insurance companies react to claims, what to watch out for in your policies, and appropriate coverage levels for cyber insurance based on their experience handling claims.

#1 Email Spoofing and Wire Fraud

This attack is essentially a wire instruction interception/redirection or wholly fake request for a transfer. This is an event that comes up daily or at least weekly in any cybersecurity professional’s world. This attack typically plays out with a threat actor masquerading as a legitimate authority within a company, typically someone in the C-suite or Director level. To make it successful, the recipient of the wire transfer request has to believe it’s legitimately originating from one of those authoritative people.

One way attackers do this is using actual stolen credentials. Despite the flood of data security breaches and database hacks, people unfortunately still use weak passwords and also re-use passwords. We have seen dozens of instances of successful credential attacks where the attacker used publicly available database leak information to gain unauthorized access to corporate accounts. The approach goes like this: an attacker harvests information regarding corporate leadership from various data sources about companies (LinkedIn, Dunn & Bradstreet, Bloomberg, Google Finance) and chooses a few people to target. They then cross-reference those names to leaked credential databases, often times hosted on Darkweb sites, IRC chat rooms, or other forums dedicated to hacking. If the attacker is able to find other accounts belonging to their targets that have been compromised and have a password, they can try that password, and tens of thousands of variations of it, to attack the corporate account of their victim.

Here is an example: Dejan Stanisaviovich is the CFO of a mature manufacturing company. Unfortunately, his MySpace account, that he forgot he had, was leaked as one of 360 million in 2008. Dejan has used the same password since 2007. The attacker found the myspace.com account belonging to Dejan, and his password, which was “4321drowssaP.” The attacker then worked out the format of Dejan’s corporate email to be dstan@victimco.com, and then tried the password. Since Dejan hasn’t changed his password for any account in 10 years, the attacker got access to Dejan’s account. From there, the attacker can use the actual account to make wire transfer requests to other employees, which won’t be hard to figure out since the attacker has access to his email. The receiving employee sees the requests, and as long as the attacker is careful about wording, format, and the amount requested, the fraudulent wire transfer may actually happen. It’s critical that if your company catches this activity, that it contact the FBI immediately because once the initial wire is made, the attacker will move the money several more times to avoid it being frozen.

Another way attackers carry out these attacks when they can’t get actual access to a corporate account is through email spoofing. Spoofing an email involves making an email appear to come from someone else. The image below is an actual spoofed email. The name that’s blurred in the “From” field is actually a C-suite employee at a startup. However, note the Gmail account that is after it, which is a telltale sign that it’s a spoofed email. When employees receive this, many are not trained to check the actual email account address. They may see the name and just assume it’s legitimate. This employee caught this one, mainly because their Office 365 administrator setup a warning to prepend to the email body, which shows: CAUTION: EXTERNAL EMAIL SENDER at the top of the email. That’s one great way to raise awareness, as is the prepended “EXTERNAL SENDER” in the subject line. Both are easily set up in Office 365.

However, that’s not the only issue to contend with. This one was easy since it had a gmail.com originating address. Often, attackers will forge email header information to make it more believable. For example, it could have appeared to come from dstanis@victimco.com directly even without the attacker having valid credentials! Often, companies of all sizes (small, medium, large, publicly traded…) don’t have proper email validation settings setup in DNS. Those technologies are entire subjects in and of themselves, but every company should make sure their IT group has properly setup SPF, DMARC, and DKIM protections in their domain’s MX (mail exchange) records. This website has a good primer on those technologies: https://blog.higherlogic.com/spf-dkim-dmarc-email-authentication.

How to prevent all of this?

Be proactive! First, to check if your accounts have been leaked, go to https://haveibeenpwned.com/. As of this writing, there are over 6.4 billion account leaks on that website. If your corporate or personal email is listed there, you should make sure that whatever password you used for that account is not in use on ANY current account you have. Attackers automate leaked databases to gain access to other accounts of people whose credentials were leaked. You should also consider using password manager software. We recommend 1Password, which automatically integrates with known leaked database sites and warns you about weak/leaked/reused passwords. We also recommend your company have a robust Password Policy that includes prohibition on password re-use, enforces periodic changes in passwords, and ensures complexity requirements. Password complexity is key.

Train your employees. This is often overlooked or under-executed. Humans are usually the weakest link. It’s true. Proper training will raise awareness, reduce risk, and ultimately protect your company and its employees. Specifically, whenever a wire transfer is requested, all details should be verified with a phone call!

Make sure your domain’s DNS records are setup properly to use SPF, DMARC, and DKIM. Want to check? Input your company’s domain at MXToolbox and see if there are errors with the setup. If so, call your DNS administrator in IT.

Set up domain accounts with two-factor authentication. Cisco’s newly acquired Duo Security is a great choice. This requires employees to enter a password and a token from their smartphone when logging into any corporate resource.

In the next blog post, we will enter the nasty world of paycheck theft, including how it happens and how you can prevent your employees from causing it.

There is no cost to attend but registration is required and seating is limited.

This program will provide Boards, C-Suites and General Counsels with best practice strategies for avoiding unauthorized breaches of electronic data; managing them if they occur; and addressing personal liability risks for Boards and executives. The Distinguished Speakers are experienced cyber security experts from Seyfarth Shaw, KPMG, law enforcement, and current directors.

Best Practices for Avoiding and Managing Threats

Cybersecurity experts and industry professionals will share their views on these questions:

What are your top lessons learned from investigating cyber breach incidents?

What are the most important considerations when developing an overall incident response plan?

Potential Liability Risk for the Board

Securities litigators will emphasize the importance of having a clear plan and robust escalation processes to respond quickly and effectively when an incident occurs. Critical issues to be discussed include:

Fiduciary duties and director liability

Cyber risk landscape and regulatory environment

Role of information governance in minimizing damages from cyberattacks

Cyber risk assessment and implementation of defensive technology

Insurance coverage and other risk mitigation strategies

Two hours of New York CLE credits are approved.

If you have any questions, please contact Morgan Coury at mcoury@seyfarth.com and reference this event.

]]>President Trump Recently Signed Act Creating Federal Cybersecurity Agencyhttps://www.carpedatumlaw.com/2018/12/president-trump-recently-signed-act-creating-federal-cybersecurity-agency/
Mon, 03 Dec 2018 22:04:16 +0000https://www.carpedatumlaw.com/?p=2324Continue Reading...]]>November 16, 2018 – President Donald Trump signed the Cybersecurity and Infrastructure Security Agency Act of 2018, which establishes the Cybersecurity and Infrastructure Security Agency (“CISA”) at the Department of Homeland Security (DHS). The law reorganizes DHS’ National Protection and Programs Directorate (NPPD) into an agency that will focus on cybersecurity threats.

With its promotion to the rank of federal agency, CISA is now on the same level as the Federal Emergency Management Agency (FEMA) and the Secret Service, but still under the DHS’ oversight. The new agency is expected to improve the cybersecurity defenses across other US federal agencies, coordinate cybersecurity programs with states, and bolster the government’s overall cybersecurity protections.

It was also announced that Christopher C. Krebs would serve as CISA’s first director. Mr. Krebs had served as the Under Secretary of the NPPD, the predecessor of CISA. On the day President Trump signed the bill into law, Mr. Krebs tweeted that “The cybersecurity threat is constantly evolving and this reorganization positions us [CISA] to better defend America’s infrastructure from digital and physical threats.” Mr. Krebs added that the new agency would be better able to “accomplish its cybersecurity mission by making it easier to recruit cybersecurity professionals.”

CISA unveiled its new logo on November 28, 2018. With the rise of cybersecurity threats across the country, it is likely that the logo will become a familiar face to many Americans in the coming years.

Welcome to the Future: It arrived yesterday – The intersection of Technology and Legal Services

Bots, bits and bytes… Artificial Intelligence and its leading role in recent legal projects

The program will feature a panel of Seyfarth Chicago subject matter experts — with an eye toward preparing for the developments in the coming year. Our overview will be targeted at highlighting issues for the General Counsel, Chief Information Officer, Chief Human Resource Officer, and other members of their teams.

The program will consist of an engaging ninety minute presentation with speakers from each of Seyfarth Chicago’s practice groups: Benefits, Corporate, Labor & Employment, Litigation, and Real Estate, as well as an exciting presentation on the use of technology in law. Then, we will offer 30 minute break-out sessions on hot topics warranting a deeper dive that companies are facing when looking at their legal compliance needs. The break-out sessions will address Privacy/Data Security, Managing in the #metoo Environment, and Blockchain/Cryptocurrency in business.

The program is on Thursday, December 6, 2018, at 8:00 a.m. – 8:30 a.m., for breakfast and registration, 8:30 a.m. – 10:00 a.m., for the panel presentations, and 10:00 a.m. – 10:30 a.m., for the breakout sessions. Our offices are at 233 S. Wacker Drive, Suite 8000, in Chicago, IL.

Also, for those that need the credits, note that Seyfarth Shaw LLP is an approved provider of Illinois CLE credit. This seminar is approved for 1.5 hours of CLE credit CA, IL, NY, NJ and TX. CLE Credit is pending for GA and VA. HR professionals: please note that the HR Certification Institute accepts CLE credit toward recertification.

]]>EU Continues Focus on Privacy and Cybersecurity Through New Proposed Regulationhttps://www.carpedatumlaw.com/2018/09/eu-continues-focus-privacy-cyber-security-new-proposed-regulation/
Wed, 12 Sep 2018 19:25:39 +0000https://www.carpedatumlaw.com/?p=2311Continue Reading...]]>This morning, the European Commission released a Proposal for a Regulation addressing the EU’s cybersecurity industry as part of its next step towards a Digital Single Market, which is the EU’s strategy to ensure fair competition, consumer and data protection, and removal of copyright and geo-blocking issues for individuals participating in online activities and accessing online content. The Regulation would establish the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres in order to “equip Europe with the right tools to deal with an ever-changing cyber threat.” See their Fact Sheet here. The EU has various initiatives in place to address today’s current cyber threats, as well as the deterrence of future attacks. Specifically, it is working with member states to improve cybersecurity initiatives, EU-level cooperation, and risk prevention, and plans to establish an EU-wide certification framework to ensure products and services are cyber-secure. Today’s proposal carries these initiatives further by suggesting the creation of a Network of Competence Centres and a European Cybersecurity Industrial, Technology and Research Competence Centre “to develop and roll out the tools and technology needed to keep up with an ever-changing threat.” See Fact Sheet. The Commission is hoping that the creation of this Network will allow the many existing cybersecurity competence centres in the EU to pool and share information and expertise, help deploy EU cybersecurity products and solutions, and facilitate cooperation between industries and communities. The Network will unite existing member state centres and allow them to co-invest to drive research and innovation, and allow for additional investment and funding to improve the EU’s digital economy, and the Centre will aid in facilitating the work of the Network.

Under this framework, each EU member state will be responsible for nominating one national coordination centre which will essentially be that country’s leader and representative to the community; these local centres will carry out actions under the Regulation, as well as determine the distribution of funds on a local level. The Commission expects that creation of one, centralized framework will allow for increased coordination and exchange of expertise and knowledge, cost savings though co-investment, and opportunity for the EU to become a global leader in cybersecurity.

On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4% of their global annual revenue for the most egregious violations. What does the future passage of GDPR mean for your business?

Seyfarth’s eDiscovery and Information Governance (eDIG) and Global Privacy and Security (GPS) practitioners are pleased to announce the release of Data Privacy & Protection in the EU-U.S.: What Companies Need to Know Now, which describes GDPR’s unique legal structure and remedies, and includes tips and strategies in light of the future passage of the GDPR.

How to Get Your Desktop Guide:

To request the Data Privacy & Protection in the EU-U.S. Desktop Guide as a pdf or hard copy, please click the button below:

GDPR Webinar Series

Throughout August and October of 2017, Seyfarth Shaw’s attorneys provided high-level discussions on risk assessment tools and remediation strategies to help companies prepare and reduce the cost of EU GDPR compliance. Each segment is one hour long and can be accessed on-demand at Seyfarth’s Carpe Datum Law Blog and The Global Privacy Watch Blog.

For updates and insight on GDPR, we invite you to click here to subscribe to Seyfarth’s Carpe Datum Law Blog and here to subscribe to Seyfarth’s The Global Privacy Watch Blog.

]]>Cyber Security Best Practiceshttps://www.carpedatumlaw.com/2017/09/cyber-security-best-practices/
Tue, 26 Sep 2017 15:32:39 +0000http://www.carpedatumlaw.com/?p=2257Continue Reading...]]>When you bring to mind someone “hacking” a computer one of the images that likely comes up is a screen of complex code designed to crack through your security technology. Whereas there is a technological element to every security incident, the issue usually starts with a simple mistake made by one person. Hackers understand that it is far easier to trick a person into providing a password, executing malicious software, or entering information into a fake website, than cracking an encrypted network — and hackers prey on the fact that you think “nobody is targeting me.”

Below are some guidelines to help keep you and your technology safe on the network.

General Best Practices

Let’s start with some general guidelines on things you should never do with regards to your computer or your online accounts.

First, never share your personal information with any individual or website unless you are certain you know with whom you are dealing. Hackers often will call their target (you) pretending to be a service desk technician or someone you would trust. The hacker than asks you to provide personal information such as passwords, login ids, computer names, etc.; which all can be used to compromise your accounts. The best thing to do in this case, unless you are expecting someone from your IT department to call you, is to politely end the conversation and call the service desk back on a number provided to you by your company. Note, this type of attack also applies to websites. Technology exists for hackers to quickly set up “spoofed” websites, or websites designed to look and act the same as legitimate sites with which you are familiar. In effect this is the same approach as pretending to be a legitimate IT employee; however, here the hacker entices you to enter information (username and password) into a bogus site in an attempt to steal the information. Be wary of links to sites that are sent to you through untrusted sources or email. If you encounter a site that doesn’t quite look right or isn’t responding the way you expect it to, don’t use the site. Try to access the site through a familiar link.

Second, whether or not you have a Bring-Your-Own-Device (“BYOD”) program at work chances are you will at some point be using a mobile device to conduct to conduct business. Don’t feel that your mobile phone is invulnerable to being compromised. (Every networked device — Apple, Microsoft, Android, Linux, etc. — can be compromised) Mobile hacking is one of the fastest growing areas for exploiting individuals and companies. This is largely because people do not typically have security programs — such as anti-virus software — on their mobile device. Additionally, people often connect their mobile devices to public networks, like those available at coffee shops, hotels, etc. — these networks are not secure. Your best defense against having your mobile device hacked is to install a decent security app and be sure to turn off the Wi-Fi, Bluetooth, and Hotspot settings when they are not in use. Also, try to only install apps from companies you recognize. Further, mobile banking and purchasing apps make life easy, but if you don’t have security software — or if you are conducting a larger transaction — you may want to do it on your computer.

Next, If your computer’s security software pops up a security warning, pay attention to it. Often times we are in a hurry and tend to click through these types of warnings, but that is a mistake. The warning is there for a purpose whether it is a flag indicating that a website is potentially dangerous or a notice that your computer has detected malware. When you see a warning it is best to stop what you are doing, close down any open websites, and call your help desk. You may also want to scan the computer with your security software. However, be careful of “security warnings” that pop-up from websites. If the warning does not look like the warnings you are used to, and does not indicate the name of your security software, it may be a malicious attempt to compromise your computer.

Finally, don’t plug USB drives into your computer unless you know where it comes from and where it has been. Rouge USB drives are a method by which hackers get malicious programs onto your computer. The drive may contain an enticing file that when clicked, loads a virus onto your computer, or in some cases the drive may load the malware simply by being plugged into your USB port. So, if you find a USB lying around it is best to turn it into IT, or throw it away.

Vulnerabilities in Email

Email is the most common avenue by which hackers attempt to compromise your computer; email is ubiquitous, cheap, simple, and effective. Email attacks generally take one of the following approaches and often combine more than one approach.

Spam and Scam emails are designed to trick you into: starting a dialogue with an attacker, entering personal information, clicking on a link , or downloading a file. Each of these actions is dangerous. An attacker who begins a dialogue with you over email is likely using a technique known as “social engineering.” The attacker is attempting to build your trust with the intent of using that trust against you to get compromising information in the future. The attack may come in the form of asking you to send or enter personal information via email or website. Next, clicking on links and downloading files from untrusted sources are never good ideas. It is possible for an attacker to send a link that, when clicked, will automatically download and execute malware on your computer. And if you download an untrusted file in an email and open it (regardless of the file type — .doc, .pdf, .xlsx) you may just well be doing the attackers job for them. These files can easily be disguised malware such as trojans, worms, or viruses.

In conjunction with scam and spam emails hackers often use a technique known as phishing. This is where a hacker sends an email that appears to be for a legitimate business purpose and may appear to come from a client or a business associate. The end goal is the same as with spam and scam emails — to trick you into providing information or executing a malicious program. Sophisticated hackers may also use a technique known as spear phishing. In a spear phishing attack, the hacker gets to know you first by researching your public profile — such as your Facebook page, company bio, or LinkedIn account — and then tailors the attack specifically for you. By using your own publically available information, the attacker is more likely to be able to build your trust and ultimately trick you.

To avoid email scams be mindful of the email address from which the email is sent. Often attackers will send the email from an address that resembles one you are familiar with but is slightly different. Also, look for unusual email formatting or language: is there usually a signature at the bottom of the email from this person but it is missing; is the grammar of the email poor; is the person sending the email using words or sentence structure in a way they normally would not; do you recognize the company from which the email is being sent. If you “know” the person who presumably sent the email, you can all them and ask if it came from them. If you don’t know the sender but are suspicious, contact IT.

Securing your Online Accounts

Today most web sites have password policies which require you to use special characters, numbers, caps, etc. when creating a password. These policies are all designed to thwart password cracking attempts by hackers. However, simply following the password policy isn’t always enough. Here, hackers prey on the fact that you will likely use natural language passwords because they are easier to remember — like MyPassword. Natural language passwords take seconds to crack using publically available password cracking technology — and “My1Password!” isn’t much more difficult to crack than the latter. When creating a password is best to stick with something you can remember but also something that cannot be found in a dictionary or on your Facebook profile — like your birthdate.

In addition to solid password protection be mindful that the site you are accessing has a valid “digital certificate.” Invariably you have seen a pop-up while traversing the internet that said something like “Warning, this site has an expired digital certificate.” And most certainly you simply clicked “okay” and went about your way. Sometimes this is fine, but other times it can be in indicator that you are on a spoofed or illegitimate website. When you are accessing any type of website that requires you to login, make sure it says “https:” in the navigation bar prior to the web address, not just “http:.” HTTPS is a sign that you are sending your information over a secure encrypted network. Also, if you are accessing an https site and you get that security certificate pop-up, it is probably best to navigate away.

Conducting Business Over the Internet

All of the above guidelines apply to conducting business over the internet; however, there are a few additional business specific pointers to keep you safe. For example, public Wi-Fi is never secure, but that goes double when you are conducting business or attempting a financial transaction. Your company may offer a secure channel to access your email or network such as VPN or Citrix. If you must use public Wi-Fi, be sure to connect using the secure channel. These channels provide a “secure wrapper” around communications with your work internet that make it much harder for attackers to get access to your information. Finally, regardless whether or not you are in a home, work, or private network, if you are conducting a financial transaction — such as wire transfer — it will benefit you to be overly cautious. When sending wire instructions be sure to password protect the document containing the instructions rather than including account and routing numbers in the body of an email or in an unsecure word document. Most major document software (MS Word, Adobe PDF, etc.) include a password protection option out-of-the-box available in the File menu. Additionally, secure messaging apps, such as Signal, are available for both Android and iPhone and allow for encrypted communication. Alternatively, consider faxing the instructions or simply dictating them over the phone. Finally, if you are the sender, it is always best to call the intended recipient to be sure the correct transaction went through.

Always remember, hackers count on you making simple mistakes. Following the guidelines above will go a long way to keeping you and your technology safe.

]]>File Share Platforms and Business Riskhttps://www.carpedatumlaw.com/2017/09/file-share-platforms-business-risk/
Mon, 11 Sep 2017 19:15:19 +0000http://www.carpedatumlaw.com/?p=2250Continue Reading...]]>The use of open file sharing platforms in business continues to increase in 2017; Dropbox alone has over 200,000 active business accounts. Unfortunately, the convenience of these platforms and the increase in use by businesses attracts the attention of hackers a well. File sharing platforms and accounts have a high “hack value” — the overall value of the accounts on the dark web — due to the relative ease with which account can be obtained and the sensitivity of the information stored on these platforms. The risk associated with the use of file share platforms is twofold. First, company supported file share is attractive to attackers because it is guaranteed to contain sensitive information. Second, file share platforms available to employees outside of the company — e.g. the employee Google Drive account — may be used to store company information, but likely do not use the same security standards as those enforced by the company. Attacks on file share platforms are also very real. In August of 2016 Dropbox forced users to reset their passwords based on a breach — 60 million account credentials compromised — that had been discovered but was executed four years earlier in 2012.

Thus, it is important that businesses educate their employees on the risks of sharing information on these platforms and apply strict administrative and technical safeguards mitigate the risk of attack.

Common File Share Attack Approach

The most common approach attackers use to compromise file share platforms is phishing. Phishing is a technique by which the attackers sends out a legitimate looking (albeit fake) email which entices the employee to click on a link and provide information — such as login credentials — which goes directly to the attacker. Alternatively, the phishing attack may convince the employee to download an infected file to the same ends. Once the attacker has compromised the file share, he or she can either steal information directly, escalate privileges to access more information, obtain additional account credentials, or sell the information on the dark web. Access to the file share can also be used to perform a Denial of Service (“DoS”) attack by downloading or uploading large volumes of data thus congesting the network and preventing legitimate use.

Despite Google’s perceived safety, two major phishing attacks have been reported on Google accounts in the last two years. In late 2016, over a million google accounts were compromised by a malware attack known as Gooligan, designed to steal credentials allowing access to the victims Google services. Gooligan infected an estimated 13,000 devices per day during its lifecycle. Again in early 2017, Google accounts were targeted with a message requesting the user to download a file. When the user selected the link to download the file a face service that looked like a legitimate google service would request access to the users Gmail account.

Mitigating Risk

Businesses can mitigate the risk of file share attacks by implementing strict policies and sanctions regarding their use. For example, all non-business file share sites can be blocked on the company’s network. Strict policies and monitoring should be in place to gain access to file share sites and employee accounts with such access should be closely monitored. Businesses should also implement test “phishing campaigns” — sending out company controlled phishing emails — to educate employees on what these email look like and how to avoid them. Phishing tests also help businesses understand their risks by monitoring the number of employees who click on the bogus links. Whereas businesses have less control over employees loading data on to personal file share accounts, strict sanctions should be in place regarding this activity and employees should be aware of these sanctions.

]]>Is your organization ready for the new EU General Data Protection Regulation?https://www.carpedatumlaw.com/2017/08/organization-ready-new-eu-general-data-protection-regulation/
Fri, 25 Aug 2017 20:43:41 +0000http://www.carpedatumlaw.com/?p=2240Continue Reading...]]>On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4% of their global annual revenue for the most egregious violations. What does the future passage of GDPR mean for your business?

Our experienced eDiscovery and Information Governance (eDIG) and Global Privacy and Security (GPS) practitioners will present a series of four 1-hour webinars in August through October of 2017. The presenters will provide a high-level discussion on risk assessment tools and remediation strategies to help prepare and reduce the cost of EU GDPR compliance.

Overview of Current EU Data Protection Directive and Brief Introduction to the EU General Data Protection Regulation (GDPR), Effective May 25, 2018